View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Cleanest permissions for public_html with apache
Log in to Ask a Question

Cleanest permissions for public_html with apache

development

Hi folks,

Perhaps some of you more experienced linoders can comment on what the technically cleanest way to apply permissions on apache's publichtml folder is. I have an apache user and my own user for ftp/ssh access that works with files in publichtml.

From my limited view, I see 2 (probably not-so-good) ways:

1) create a group called 'www', add 'apache' and 'myuser' to the group and "chown -R apache:www public_html/" I guess this needs 664 permissions on files and 2775 on directories.

2) change config so apache service runs with 'myuser' instead and "chown -R myuser:myuser public_html/" with 644 permissions on files and (2?)775 on directories.

I'm on CentOs 6.4. running wordpress (and others). Suggestions greatly appreciated.

Cheers and thanks!

edit: version number typo.

1 Reply

What I do is own all of the files with my personal account and give the apache group read permissions for all files and rx for directories. Other gets none. Any directories where you need to upload files (such as a webmail app, for attachments) will need to be writable by apache, also.

WordPress automatic updates doesn't like this, though. Even if you give the apache group write permissions it won't run. I have a script to change the owner to apache prior to an upgrade and I revert everything back after.

The benefits of this is that I can manage my web sites with an unprivileged account.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct